2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--b9b6dcfa-0b11-40dc-9bf4-9a36a2c1a046" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-10-04T10:50:05.000Z" ,
"modified" : "2022-10-04T10:50:05.000Z" ,
"name" : "Centre for Cyber security Belgium" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--b9b6dcfa-0b11-40dc-9bf4-9a36a2c1a046" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-10-04T10:50:05.000Z" ,
"modified" : "2022-10-04T10:50:05.000Z" ,
"name" : "HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine" ,
"published" : "2022-10-04T10:50:06Z" ,
"object_refs" : [
"indicator--de0bd41d-ffac-4e5a-8ffd-63c0ba4c6979" ,
"indicator--dc288e70-bf4b-46cc-84aa-515e39f3b433" ,
"indicator--e499240c-bfd1-4e5b-a70b-244c11d69053" ,
"observed-data--194c007c-eb84-4987-ae29-4dca3b02db47" ,
"url--194c007c-eb84-4987-ae29-4dca3b02db47" ,
"observed-data--8c55aae8-9ee3-4488-93e8-ee3998518fce" ,
"windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce" ,
"indicator--85ca7a94-fcfb-4097-affc-0b102ae4dff5" ,
"x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114" ,
"indicator--f6a02b6b-91df-4a01-9115-798e59bc7023" ,
"x-misp-object--d9a1332e-3511-4417-97c8-f30621513106" ,
"indicator--df7db285-8f67-49a0-a570-360c55604d2c" ,
"indicator--6e410e9b-426b-49ce-a8b9-4efdf1656f24" ,
"indicator--c908378a-8f2a-49e1-b592-306424bd139b" ,
2023-05-19 09:05:37 +00:00
"note--9f27b900-e658-4a75-854e-4a3e0f2d3899" ,
2024-08-07 08:13:15 +00:00
"relationship--c8fee6bc-cd76-4981-9016-5b60445d6fe7"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:target-information=\"Ukraine\"" ,
"misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"" ,
"misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Signed Binary Proxy Execution - T1218\"" ,
"misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"" ,
"admiralty-scale:source-reliability=\"a\"" ,
"admiralty-scale:information-credibility=\"1\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--de0bd41d-ffac-4e5a-8ffd-63c0ba4c6979" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:01:11.000Z" ,
"modified" : "2022-02-24T07:01:11.000Z" ,
"pattern" : "[file:hashes.MD5 = '231b3385ac17e41c5bb1b1fcb59599c4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-24T07:01:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dc288e70-bf4b-46cc-84aa-515e39f3b433" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:01:11.000Z" ,
"modified" : "2022-02-24T07:01:11.000Z" ,
"pattern" : "[file:hashes.MD5 = '095a1678021b034903c85dd5acb447ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-24T07:01:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e499240c-bfd1-4e5b-a70b-244c11d69053" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:01:11.000Z" ,
"modified" : "2022-02-24T07:01:11.000Z" ,
"pattern" : "[file:hashes.MD5 = 'eb845b7a16ed82bd248e395d9852f467']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-24T07:01:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--194c007c-eb84-4987-ae29-4dca3b02db47" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:33:42.000Z" ,
"modified" : "2022-02-24T07:33:42.000Z" ,
"first_observed" : "2022-02-24T07:33:42Z" ,
"last_observed" : "2022-02-24T07:33:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--194c007c-eb84-4987-ae29-4dca3b02db47"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--194c007c-eb84-4987-ae29-4dca3b02db47" ,
"value" : "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--8c55aae8-9ee3-4488-93e8-ee3998518fce" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:35:23.000Z" ,
"modified" : "2022-02-24T07:35:23.000Z" ,
"first_observed" : "2022-02-24T07:35:23Z" ,
"last_observed" : "2022-02-24T07:35:23Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce"
] ,
"labels" : [
"misp:type=\"regkey|value\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce" ,
"key" : "SYSTEM\\CurrentControlSet\\Control\\CrashControl CrashDumpEnabled" ,
"values" : [
{
"data" : "0"
}
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--85ca7a94-fcfb-4097-affc-0b102ae4dff5" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:40:59.000Z" ,
"modified" : "2022-02-24T07:40:59.000Z" ,
"pattern" : "[file:name = 'empntdrv.sys']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-24T07:40:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:19:05.000Z" ,
"modified" : "2022-02-24T07:19:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da/detection/f-0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da-1645685791" ,
"category" : "External analysis" ,
"uuid" : "df316954-b61d-436a-8804-d2f38a368eeb"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "8/71" ,
"category" : "Other" ,
"uuid" : "8becd4d8-0f4c-429a-a3d4-9e33ac8f55c5"
}
] ,
"x_misp_comment" : "912342f1c840a42f6b74132f8a7c4ffe7d40fb77: Enriched via the virustotal module" ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f6a02b6b-91df-4a01-9115-798e59bc7023" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:21:35.000Z" ,
"modified" : "2022-02-24T07:21:35.000Z" ,
"description" : "912342f1c840a42f6b74132f8a7c4ffe7d40fb77: Enriched via the virustotal module" ,
"pattern" : "[file:hashes.MD5 = '84ba0197920fd3e2b7dfa719fee09d2f' AND file:hashes.SHA1 = '912342f1c840a42f6b74132f8a7c4ffe7d40fb77' AND file:hashes.SHA256 = '0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-24T06:35:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d9a1332e-3511-4417-97c8-f30621513106" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:25:48.000Z" ,
"modified" : "2022-02-24T07:25:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591/detection/f-1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591-1645686225" ,
"category" : "External analysis" ,
"uuid" : "bafabadb-48ca-48a7-b192-ed30a1ffc57c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/71" ,
"category" : "Other" ,
"uuid" : "fecf0286-1c32-478d-93e3-507253b34c26"
}
] ,
"x_misp_comment" : "61b25d11392172e587d8da3045812a66c3385451: Enriched via the virustotal module" ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--df7db285-8f67-49a0-a570-360c55604d2c" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:25:57.000Z" ,
"modified" : "2022-02-24T07:25:57.000Z" ,
"description" : "61b25d11392172e587d8da3045812a66c3385451: Enriched via the virustotal module" ,
"pattern" : "[file:hashes.MD5 = '3f4a16b29f2f0532b7ce3e7656799125' AND file:hashes.SHA1 = '61b25d11392172e587d8da3045812a66c3385451' AND file:hashes.SHA256 = '1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-24T07:25:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6e410e9b-426b-49ce-a8b9-4efdf1656f24" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:25:12.000Z" ,
"modified" : "2022-02-24T07:25:12.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a952e288a1ead66490b3275a807f52e5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-24T07:25:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c908378a-8f2a-49e1-b592-306424bd139b" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:43:19.000Z" ,
"modified" : "2022-02-24T07:43:19.000Z" ,
"name" : "MAL_HERMETIC_WIPER" ,
"description" : "HermeticWiper - broad hunting rule" ,
"pattern" : "rule MAL_HERMETIC_WIPER {\r\n meta:\r\n desc = \\\\\"HermeticWiper - broad hunting rule\\\\\"\r\n author = \\\\\"Friends @ SentinelLabs\\\\\"\r\n version = \\\\\"1.0\\\\\"\r\n last_modified = \\\\\"02.23.2022\\\\\"\r\n hash = \\\\\"1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591\\\\\"\r\n strings:\r\n $string1 = \\\\\"DRV_XP_X64\\\\\" wide ascii nocase\r\n $string2 = \\\\\"EPMNTDRV\\\\\\\\%u\\\\\" wide ascii nocase\r\n $string3 = \\\\\"PhysicalDrive%u\\\\\" wide ascii nocase\r\n $cert1 = \\\\\"Hermetica Digital Ltd\\\\\" wide ascii nocase\r\n condition:\r\n uint16(0) == 0x5A4D and\r\n all of them\r\n}" ,
"pattern_type" : "yara" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2022-02-24T07:43:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "disk"
} ,
2023-05-19 09:05:37 +00:00
{
"type" : "note" ,
"spec_version" : "2.1" ,
"id" : "note--9f27b900-e658-4a75-854e-4a3e0f2d3899" ,
"created_by_ref" : "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631" ,
"created" : "2022-02-24T07:42:16.000Z" ,
"modified" : "2022-02-24T07:42:16.000Z" ,
"abstract" : "HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine" ,
"content" : "# HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine\r\n\r\n Juan Andr\u00e9s Guerrero-Saade / February 23, 2022\r\n\r\n## Executive Summary\r\n\r\n * On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations.\r\n * Our analysis shows a signed driver is being used to deploy a wiper that erases Windows devices, after deleting shadow copies and manipulating MBR after rebooting.\r\n * This blog includes the technical details of the wiper, dubbed @[tag](HermeticWiper), and includes IOCs to allow organizations to stay protected from this attack.\r\n * This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available.\r\n * @[tag](SentinelOne) customers are protected from this threat, no action is needed.\r\n \r\n ## Background\r\n\r\n On February 23rd, our friends at @[tag](Symantec) and @[tag](ESET) research tweeted hashes associated with a wiper attack in Ukraine, including one which is not publicly available as of this writing.\r\n\r\n We started analyzing this new wiper malware, calling it \u2018@[tag](HermeticWiper)\u2019 in reference to the digital certificate used to sign the sample. The digital certificate is issued under the company name \u2018Hermetica Digital Ltd\u2019 and valid as of April 2021. At this time, we haven\u2019t seen any legitimate files signed with this certificate. It\u2019s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate.\r\n\r\n @[tag](HermeticWiper) Digital Signature This is an early effort to analyze the first available sample of @[tag](HermeticWiper). We recognize that the situation on the ground in Ukraine is evolving rapidly and hope that we can contribute our small part to the collective analysis effort.\r\n\r\n ## Technical Analysis\r\n\r\n At first glance, @[tag](HermeticWiper) appears to be a custom-written application with very few standard functions. The malware sample is 114KBs in size and roughly 70% of that is composed of resources. The developers are using a tried and tested technique of wiper malware, abusing a benign partition management driver, in order to carry out the more damaging components of their attacks. Both the @[tag](misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\") (Destover) and @[tag](misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\" ) ( S h a m o o n ) t o o k a d v a n t a g e o f E l d o s R a w d i s k i n o r d e r t o g e t d i r e c t u s e r l a n d a c c e s s t o t h e f i l e s y s t e m w i t h o u t c a l l i n g W i n d o w s A P I s . @ [ t a g ] ( H e r m e t i c W i p e r ) u s e s a s i m i l a r t e c h n i q u e b y a b u s i n g a d i f f e r e n t d r i v e r , @ [ a t t r i b u t e ] ( 85 c a 7 a 94 - f c f b -4097 - a f f c -0 b 102 a e 4 d f f 5 ) . \ r \ n \ r \ n @ [ t a g ] ( H e r m e t i c W i p e r ) r e s o u r c e s c o n t a i n i n g E a s e U S P a r t i t i o n M a n a g e r d r i v e r s T h e c o p i e s o f t h e d r i v e r a r e m s - c o m p r e s s e d r e s o u r c e s . T h e m a l w a r e d e p l o y s o n e o f t h e s e d e p e n d i n g o n t h e O S v e r s i o n , b i t n e s s , a n d S y s W o w 64 r e d i r e c t i o n . \ r \ n \ r \ n E a s e U S d r i v e r r e s o u r c e s e l e c t i o n T h e b e n i g n E a s e U S d r i v e r i s a b u s e d t o d o a f a i r s h a r e o f t h e h e a v y - l i f t i n g w h e n i t c o m e s t o a c c e s s i n g P h y s i c a l D r i v e s d i r e c t l y a s w e l l a s g e t t i n g p a r t i t i o n i n f o r m a t i o n . T h i s a d d s t o t h e d i f f i c u l t y o f a n a l y z i n g @ [ t a g ] ( H e r m e t i c W i p e r ) , a s a l o t o f f u n c t i o n a l i t y i s d e f e r r e d t o D e v i c e I o C o n t r o l c a l l s w i t h s p e c i f i c I O C T L s . \ r \ n \ r \ n # # M B R a n d P a r t i t i o n C o r r u p t i o n \ r \ n \ r \ n @ [ t a g ] ( H e r m e t i c W i p e r ) e n u m e r a t e s a r a n g e o f P h y s i c a l D r i v e s m u l t i p l e t i m e s , f r o m 0 -100 . F o r e a c h P h y s i c a l D r i v e , t h e \ \ \ \ . \ \ E P M N T D R V \ \ d e v i c e i s c a l l e d f o r a d e v i c e n u m b e r . \ r \ n \ r \ n T h e m a l w a r e t h e n f o c u s e s o n c o r r u p t i n g t h e f i r s t 512 b y t e s , t h e M a s t e r B o o t R e c o r d ( M B R ) f o r e v e r y P h y s i c a l D r i v e . W h i l e t h a t s h o u l d b e e n o u g h f o r t h e d e v i c e n o t t o b o o t a g a i n , @ [ t a g ] ( H e r m e t i c W i p e r ) p r o c e e d s t o e n u m e r a t e t h e p a r t i t i o n s f o r a l l p o s s i b l e d r i v e s . \ r \ n \ r \ n T h e y t h e n d i f f e r e n t i a t e b e t w e e n F A T a n d N T F S p a r t i t i o n s . I n t h e c a s e o f a F A T p a r t i t i o n , t h e m a l w a r e c a l l s t h e s a m e \ u 2018 b i t f i d d l e r \ u 2019 t o c o r r u p t t h e p a r t i t i o n . F o r N T F S , t h e @ [ t a g ] ( H e r m e t i c W i p
"object_refs" : [
2023-12-14 14:30:15 +00:00
"indicator--6e410e9b-426b-49ce-a8b9-4efdf1656f24" ,
"indicator--de0bd41d-ffac-4e5a-8ffd-63c0ba4c6979" ,
2024-08-07 08:13:15 +00:00
"indicator--85ca7a94-fcfb-4097-affc-0b102ae4dff5" ,
"indicator--dc288e70-bf4b-46cc-84aa-515e39f3b433" ,
"indicator--e499240c-bfd1-4e5b-a70b-244c11d69053"
2023-05-19 09:05:37 +00:00
]
} ,
2023-04-21 14:44:17 +00:00
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--c8fee6bc-cd76-4981-9016-5b60445d6fe7" ,
2023-04-21 14:44:17 +00:00
"created" : "2022-10-04T10:50:05.000Z" ,
"modified" : "2022-10-04T10:50:05.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f6a02b6b-91df-4a01-9115-798e59bc7023" ,
"target_ref" : "x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}